Vaultwarden

Vaultwarden is installed on the host vaultwarden (internal IP 10.1.0.11). You can access it from the web at https://vault.falken-niedersachsen.de. Users need to be created and invited; invites are sent automatically to new LDAP users/emails. To change the settings of the Vaultwarden installation, use the ADMIN_TOKEN to log in at https://vault.falken-niedersachsen.de/admin.

Setup

Vaultwarden requires docker and docker-compose to be installed. Then, using the docker-compose.yml, setup is very straightforward:

$ docker-compose up -d

You also need to place a config for the LDAP connector in /etc/vaultwarden/config.toml:

vaultwarden_url = "http://vaultwarden:80"
vaultwarden_admin_token = "{ADMIN_TOKEN from the docker-compose}"
ldap_host = "10.1.0.9"
ldap_bind_dn = "cn=admin,dc=ldap,dc=falken-niedersachsen,dc=de"
ldap_bind_password = "{LDAP Admin Password}"
ldap_search_base_dn = "ou=Users,dc=ldap,dc=falken-niedersachsen,dc=de"
ldap_search_filter = "(&(objectClass=falkenNDSAccount)(uid=*)(!(pwdAccountLockedTime=000001010000Z)))"
ldap_sync_interval_seconds = 300
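
A pre-flight check for this file before starting the containers, as an added example that is not part of the original page or of the vaultwarden_ldap project: it flags a config.toml that other local users can access, {...} placeholders left in the two secrets, and a bind DN whose dc= suffix differs from the search base. It assumes GNU stat and that both DNs sit under the same suffix, as in the listing above; the function names and sample values are constructed.

```shell
#!/bin/sh
# Added example: pre-flight checks for the LDAP connector's config.toml.
# Assumes GNU stat and that bind DN and search base share one dc= suffix.

# Print the value of a top-level `key = "value"` line.
toml_get() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*\"\(.*\)\"[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# Reduce a DN to its lower-cased dc= components, e.g. dc=ldap,dc=example,dc=org.
dc_suffix() {
    printf '%s\n' "$1" | tr -d ' ' | tr 'A-Z' 'a-z' | tr ',' '\n' | grep '^dc=' | paste -sd, -
}

# Print one line per finding; return 1 if there is any, 0 otherwise.
check_ldap_config() {
    file=$1; bad=0
    # The file holds the admin token and the LDAP bind password.
    mode=$(stat -c '%a' "$file")
    case $mode in
        *0) ;;
        *) echo "file mode $mode: accessible to other users"; bad=1 ;;
    esac
    for key in vaultwarden_admin_token ldap_bind_password; do
        case $(toml_get "$file" "$key") in
            '' | '{'*'}') echo "$key: empty or still a {placeholder}"; bad=1 ;;
        esac
    done
    bind=$(dc_suffix "$(toml_get "$file" ldap_bind_dn)")
    base=$(dc_suffix "$(toml_get "$file" ldap_search_base_dn)")
    if [ "$bind" != "$base" ]; then
        echo "dc suffix differs: bind '$bind' vs search base '$base'"; bad=1
    fi
    return "$bad"
}

# Constructed sample: world-readable, placeholder left in, misspelled suffix.
sample=$(mktemp)
cat > "$sample" <<'EOF'
vaultwarden_admin_token = "{ADMIN_TOKEN from the docker-compose}"
ldap_bind_dn = "cn=admin,dc=ldap,dc=exmaple,dc=org"
ldap_bind_password = "constructed-password"
ldap_search_base_dn = "ou=Users,dc=ldap,dc=example,dc=org"
EOF
chmod 644 "$sample"
check_ldap_config "$sample" || true
rm -f "$sample"
```
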

This is what the docker-compose.yml should look like:

---
version: '3'
services:
    vaultwarden_ldap:
        image: vividboarder/vaultwarden_ldap:latest
        volumes:
            - /etc/vaultwarden/config.toml:/config.toml:ro
        restart: always
        environment:
            CONFIG_PATH: /config.toml
        depends_on:
            - vaultwarden
    vaultwarden:
        image: vaultwarden/server:latest
        volumes:
            - /var/vw-data/:/data/
        environment:
            ADMIN_TOKEN: '{secret}'
            SIGNUPS_ALLOWED: 'false'
            INVITATIONS_ALLOWED: 'true'
        ports:
            - 80:80
        restart: always

Upgrade

To update, upgrade the host packages, pull the new images and recreate the containers:

$ apt update
$ apt upgrade
$ docker-compose down
$ docker pull vaultwarden/server:latest
$ docker pull vividboarder/vaultwarden_ldap:latest
$ docker-compose up -d